Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 9dc47c4cea5a5c38fb93978519e0c04f98be8631
commit9dc47c4cea5a5c38fb93978519e0c04f98be8631[log] [tgz]
authorDragan Dosen <ddosen@haproxy.com>Mon May 04 09:07:28 2020 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Mon May 25 08:22:22 2020 +0200
treecf34a447308434803ef512d2913a4eaf06b26083
parent3b614335cf25a7081c25e0a789c932c5960f221c [diff]
BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()

After we call SSL_SESSION_get_id(), the length of the id in bytes is
stored in "len", which was never checked. This could cause unexpected
behavior when using the "ssl_fc_session_id" or "ssl_bc_session_id"
fetchers (eg. the result can be an empty value).

The issue was introduced with commit 105599c ("BUG/MEDIUM: ssl: fix
several bad pointer aliases in a few sample fetch functions").

This patch must be backported to 2.1, 2.0, and 1.9.

(cherry picked from commit f35d69e7fc13aab89afcf394c5b96133d3060c1a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 1028e256e249bc75893b108154fc499ab1b5f825)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: cf34a447308434803ef512d2913a4eaf06b26083
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION